FreeBSD 11.0 - mail tls auth pop imap

Miroslav Lachman 000.fbsd at quip.cz
Tue Mar 14 11:58:00 CET 2017 

Jozef Drahovsky wrote on 2017/03/14 11:36:

> Zakladny mail na portoch 25 az 587 aj autorizacia mi funguje, ale  tls
> sluzbu na porte 465 som zatial nerozchodil,
> mozno robim nejaku principialnu chybu. Ma niekto odskusany postup pre
> sendmail a postfix na usetrenie casu?

Konfigurace Postfixu bude zalezet na tom, co od toho pozadujes. Muze to 
vypadat takhle

main.cf:

## TLS

smtp_tls_security_level = may

smtp_tls_session_cache_database = 
btree:/var/db/postfix/smtp_tls_session_cache

smtp_tls_loglevel = 1

smtp_tls_note_starttls_offer = yes

smtp_tls_mandatory_protocols=!SSLv2,!SSLv3



smtpd_tls_security_level = may

smtpd_tls_cert_file = /usr/local/etc/sslt/mail.example.com.crt

smtpd_tls_key_file = /usr/local/etc/ssl/mail.example.com.key

smtpd_tls_CAfile = /usr/local/etc/ssl/intermediateCA.pem

smtpd_tls_received_header = yes

smtpd_tls_session_cache_database = 
btree:/var/db/postfix/smtpd_tls_session_cache

smtpd_tls_loglevel = 1

smtpd_tls_auth_only = yes

smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3

## used in master.cf for encrypted connections
mua_client_restrictions =
     permit_sasl_authenticated
     reject


master.cf
smtp      inet  n       -       n       -       -       smtpd
#smtp      inet  n       -       n       -       1       postscreen
#smtpd     pass  -       -       n       -       -       smtpd
#dnsblog   unix  -       -       n       -       0       dnsblog
#tlsproxy  unix  -       -       n       -       0       tlsproxy
submission inet n       -       n       -       -       smtpd
   -o syslog_name=postfix/submission
   -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
   -o smtpd_client_restrictions=$mua_client_restrictions
#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       n       -       -       smtpd
   -o syslog_name=postfix/smtps
   -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
   -o smtpd_client_restrictions=$mua_client_restrictions


K tomu si pak jeste do main.cf muzes (mel bys) pridat vhodne restrikce 
pro smtpd_client_restrictions  smtpd_helo_restrictions 
smtpd_sender_restrictions  smtpd_recipient_restrictions

Vice info kdyztak mimo konferenci, protoze tohle vlastne vubec nesouvisi 
s FreeBSD

> Druha otazka, kde si rad necham poradit, ktory pop a imap dnes pouzit
> (uzivatelia su v passwd)?
>
> Pozeral som packages, niektore veci vypadli, ale aj tak je na vyber viac
> veci:

Kazdy ti poradi to, co vyhovuje jemu. A kazdy bude mit v tom svem pravdu :)
Ja jsem dlouhe roky pouzival Courier-IMAP, ale z meho pohledu dnesnim 
narokum uz nedostacuje a tak uz par let zpetne na nove servery nasazuji 
Dovecot / Dovecot2. A kde to jde, tam delam i migraci z Courier-IMAPu na 
Dovecot.

Mirek

More information about the Users-l mailing list